From Government Technology:

Federal officials working to define standards and tackle unanswered questions around software supply chain security have their work cut out for them, said speakers during an R Street Institute panel.

Federal agencies will need to develop clear, actionable standards on a breathtakingly fast timeline, said panelists convened yesterday by public policy research nonprofit R Street Institute.

Government officials are also pushing for the private sector to report and share more information, but encouraging this may require overcoming a turbulent history, said Bryson Bort, R Street senior fellow and founder and CEO of cyber risk assessment firm SCYTHE.

“We’ve had cases where private industry has been burned — where they have gone and talked to government, and government has leaked the information,” Bort said. “Those kinds of things are hard to come back from.”

But Manfra said that officials may be able to win more ready cooperation if they’re careful to narrow down their requests to only ask companies for the exact details needed to meet specific goals.

That will get the government further than if it simply poses vague requests that the private sector “‘just tell us when bad things happen,’” she said, “because it’s hard to parse that out.”
